package yz.cp.back.auth.oauth.authorize.provider;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.stereotype.Component;
import yz.cp.back.auth.ImConfig;
import yz.cp.back.auth.oauth.authorize.AuthorizeConfigProvider;

@Component
@Order(Integer.MAX_VALUE - 1)
public class AuthAuthorizeConfigProvider implements AuthorizeConfigProvider {

	@Autowired(required = false)
	private ImConfig imConfig;

	@Override
	public boolean config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
		// 免token登录设置
		config.antMatchers(imConfig.getOauthUrl().getIgnore().stream().toArray(String[]::new)).permitAll()
				.antMatchers(HttpMethod.OPTIONS).permitAll()
				.antMatchers(imConfig.getOauthUrl().getAuth().stream().toArray(String[]::new)).authenticated();
		return true;
	}

}
